REMARKS/ARGUMENTS

Claims 1, 2, 4, 5, 8-10, 14, 15, 16, 18, 22, and claims 25-28 are amended herein. 
Claims 1-28 are currently pending. 

The independent claims have been amended to clarify that the method and system 
provide authentication and accounting. These claims were previously amended to include 
sending accounting information directly to the first and second AAA servers. The preamble 
is therefore amended to conform to the previously amended claims. The dependent claims 
have been amended to replace "the virtual private network AAA server" with --the first
AAA server--, and replace "the service provider AAA server" with --the second AAA
server--. The first AAA server refers to the virtual private network AAA server and the
second AAA server refers to the service provider AAA server. The dependent claims were 
thus amended to provide consistency in the use of terms. No new matter has been presented 
with these amendments. The amendments apply to formal matters and place the claims in 
better form for consideration. Applicants therefore request that the amendments after final 
be entered. 

Claims 1-28 stand rejected under 35 U.S.C. 103 as being unpatentable over U.S. 
Patent Publication No. US 2002/0034939 (Wenzel) in view of U.S. Patent No. 7,107,620 
(Haverinen). 

Wenzel discloses use of AAA protocols for authentication of physical devices in IP 
networks. As shown in Fig. 1, a mobile access terminal 104 is coupled to communicate with
an access network controller (ANC) 108. ANC 108 is coupled to communicate with a
NAS/PSDN 116 and an AN-AAA server 120 (referred to by the Examiner as the second
AAA server). NAS/PSDN 116 is coupled to a data packet network 124 by way of a local
server 122 (referred to by the Examiner as the first AAA server). The AN-AAA server 120
authenticates the identity of the access terminal 104 and other devices that seek access to the
data packet network 124 through the wireless data network 100. In rejecting the claims, the
Examiner interprets the NAS/PSDN 116 and ANC 108 as a gateway.

Applicants' invention, as set forth in the claims, is directed to a method for providing
authentication and accounting in a virtual private network having a first AAA server. 
Authentication of a remote user is performed at the first AAA server without contacting a 
second AAA server, which is not located within the virtual private network and is associated 
with the virtual home gateway. 

In contrast to applicants' invention, Wenzel uses the second AAA server 120 to 
perform authentication (see, paragraphs [0031] - [0033], for example). ANC 108 does not 
communicate with NAS/PSDN until it has received instructions from AN-AAA server 120 
(paragraph [0036]). Once a communication link is established between NAS/PSDN 116 and
access terminal 104, based on authentication at the second AAA server 120, NAS/PSDN 
produces authorization information signals to local AAA server (first server) 122 (paragraph 
[0038]). Thus, while the NAS/PSDN 116 makes final determinations as to whether a 
connection may be established, AN-AAA server 120 performs the preliminary 
authentication and makes a determination that is relied upon by the NAS/PSDN in 
determining whether to establish a connection. Systems such as disclosed in Wenzel which 
require communication between AAA servers can pose a serious security risk. 

Furthermore, Wenzel does not show or suggest receiving a request from a remote 
user for connection with a virtual private network at a virtual home gateway. Instead, 
Wenzel teaches communication with a data packet network using two AAA servers, neither 
server located within the data packet network. 

Moreover, Wenzel does not disclose sending accounting information directly to first 
and second AAA servers. In rejecting the claims, the Examiner refers to paragraphs 0040 
and 0043 of Wenzel. These paragraphs describe how random numbers and access 
grant/deny signals are generated and transmitted. There is no discussion of transmitting 
accounting information. 

As noted by the Examiner, Wenzel also does not disclose performing a lookup of a 
first AAA server address at a virtual home gateway. Since the AAA server 122 is local to 
the NAS/PDSN 116, there is no reason to perform a lookup to find the AAA server. In 
contrast to Wenzel, the first AAA server of applicants' invention is located within the virtual
private network, thus the gateway has to perform a lookup to find the address of the AAA 
server associated with the virtual private network. 

Haverinen et al. describe authentication in a packet data network. A mobile IP
network MIP is connected to GSM_B by a GSM authentication gateway (GAGW). The
GAGW couples together a server in the GSM_B and a server in the MIP network. The two
AAA servers (HAAA and FAAA) are associated with one another and directly coupled
through the GAGW. Thus, there is no need to perform a lookup of an address of the
associated AAA server.

Accordingly, claims 1, 14, and 25 are submitted as patentable over Wenzel and 
Haverinen et al. 

Claims 2-13, depending from claim 1, claims 15-24, depending from claim 14, and 
claims 26-28, are submitted as patentable for at least the same reasons as their base 
independent claims. 

Claims 2, 3, and 18 are further submitted as patentable over the cited references, 
which do not show or suggest receiving a virtual private network ID and address of an AAA 
server of the virtual private network at a virtual home gateway. As previously discussed, the 
user in Wenzel is not attempting to contact a virtual private network. In rejecting the 
claims, the Examiner refers to paragraph [0038] of Wenzel. This section of the patent 
application describes how the NAS/PSDN 116 (referred to by the Examiner as the gateway)
produces authorization information signals to a local AAA server 122. There is no teaching 
of receiving a virtual private network ID or address of a VPN AAA server at the gateway. 

Regarding claims 4, 5, 22, 27, and 28, the cited references do not show or suggest 
sending a request to a service provider AAA server to authorize the remote user. In 
contrast, Wenzel uses a local AAA server (referred to by the Examiner as the first AAA 
server) to authorize a user. 

Claim 6 is further submitted as patentable because the cited references do not show 
or suggest sending a request to authenticate a remote user comprising routing the request 
using a customer routing table of a virtual private network. In rejecting the claim, the
Examiner refers to col. 12, lines 14-16 of Haverinen et al. This section of the patent 
describes communication between two AAA servers. As noted above, applicants' invention 
provides authentication without direct communication between two AAA servers. 
Furthermore, Haverinen et al. do not teach routing an authentication request using a 
customer routing table of a virtual private network. 

With regard to claims 8, 9, 10, and 16, Wenzel does not discuss sending an 
accounting request to the AAA servers. As previously noted, the paragraphs referenced by 
the Examiner refer to generating authorization/deny signals. 

The Examiner has not provided any support for rejection of claims 15-17. 

For the foregoing reasons, Applicants believe that all of the pending claims are in 
condition for allowance and should be passed to issue. If the Examiner feels that a 
telephone conference would in any way expedite the prosecution of the application, please 
do not hesitate to call the undersigned at (408) 399-5608. 



Respectfully submitted,

Cindy S. Kaplan
Reg. No. 40,043

P.O. Box 2448
Saratoga, CA 95070
Tel: 408-399-5608
Fax: 408-399-5609






